Prep
Privacy · sub-processors

Every third party we share data with

Updated whenever we add or remove a vendor. Notification cadence: 30 days before adding a new core-tier processor; immediate for breach-replacement.

Back to Privacy Policy

Tier 1 · Core

Required to operate the service. Cannot be opted out of.

9 vendors
Provider
Amazon Web ServicesDPA →
CloudflareDPA →
StripeDPA →
RazorpayDPA →
Firebase Cloud MessagingDPA →
Apple Push NotificationDPA →
TwilioDPA →
MSG91DPA →
PostmarkDPA →

Tier 2 · Optional

Used only with your explicit opt-in or for specific gated features.

5 vendors
Provider
OpenAIDPA →
ElevenLabsDPA →
Stripe IdentityDPA →
SentryDPA →
DatadogDPA →

Tier 3 · Regional

Used only in specific markets. Listed for transparency.

3 vendors
Provider
Razorpay RouteDPA →
Stripe ConnectDPA →
PayoneerDPA →

Our processor-selection bar

  • Signed DPA + standard contractual clauses where data crosses borders
  • SOC 2 Type II report (we read them, not just check the box)
  • Encryption-in-transit and at-rest required
  • Sub-processor must publish their own sub-processor list
  • 30-day notice on any breach affecting our data

Spotted something? Email dpo@prep.app — DPO responds within 24 business hours.